Important! CounterSpy Definitions 416 False Positives

Definitions 416 for CounterSpy Consumer 1.5 & 2.0 Beta (defs 418 for CSC 1.0) were released Wednesday evening. As a result of an unusual confluence of circumstances, two false positives were incorporated into defs 416. Both false positives are on Registry keys:

Both false positives will be reported as "SearchSquire" (ThreatID 40276).

You will likely see more than just the above two Registry keys detected, though, because these two Registry keys store data for installed ActiveX controls in Windows. In addition to the above two Registry keys, you will likely also see detections for a number of sub-keys and values as well as files in the \Downloaded Program Files folder. All of these detections are being caused by the two erroneous Registry traces listed above.

Sunbelt became aware of the problem late Wednesday night/early Thursday morning. We will be pushing out corrected definitions later this morning. At present Sunbelt is working to turn off any further distribution of defs 416 from Sunbelt's update servers.

Until those corrected defs are released, we advise you not to quarantine or remove any "SearchSquire" detections from system scans using defs 416. If you have already quarantined SearchSquire traces from a scan with defs 416, you should unquarantine those traces.

Those of you using CounterSpy 2.0 should be aware that there are some glitches with the incremental update system -- glitches that the devs are working on. One of those glitches involves incremental updates being applied in such a way that false positives corrected in our master database aren't corrected in the defs on the user's hard drive. (The other glitch involves incremental updates that simply fail to be merged properly.)

If you visit the Sunbelt beta forums and look in the "Definitions & Updates" forum you'll find a good, zipped copy of defs 417 that can be downloaded and manually installed. This known good copy of 417 will correct the SearchSquire false positives.